How to disable directory listing in Apache
Apache directory listing is provided by the AutoIndex module. If enabled, Apache will show the list of files and folders if no DirectoryIndex files are present in a particular path or folder.
Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.
It's a handy feature for sure but you might want to disable directory listing for security or any other other reasons.
You can prevent directory listing for Apache by disabling mod_autoindex altogether, set appropriate options in Apache configuration file or by using htaccess file.
Methods to disable directory listing in Apache:
If you're hosting on platforms such as cPanel, you can use platform-specific methods to disable Apache's directory listing.
Disable Apache directory listing by disabling autoindex module
The easiest way is probably to disable the autoindex module entirely and disabling the module would affect all the sites hosted on the server.
- Launch your preferred terminal application
- Disable autoindex module for Apache.
$ sudo a2dismod --force autoindex # Ubuntu, Debian and SUSE Module autoindex disabled. To activate the new configuration, you need to run: systemctl restart apache2
- Distributions with a2dismod support can simply run the command above without having to manually disable the required modules.
- LoadModule directive for the corresponding autoindex module need to be manually disabled by removing or commenting (by adding # at the beginning) the line in the configuration file.
Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp a2dismod support yes yes no no no no Modules to uninstall none Module name n/a autoindex Loadmodule directive n/a #LoadModule autoindex_module <module_locations>/mod_autoindex.so - Restart Apache for the changes to take effect.
Disable Apache directory listing via Directory's Options directive
You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.
- Open Apache's configuration file using your preferred text editor.
$ sudo vi /etc/apache2/other/mysite.conf
The configuration could be set globally or from within VirtualHost configuration.
- Add -Indexes to Options directive for required directory.
<Directory /var/www/mysite> Options -Indexes </Directory>
Notice that it's -Indexes and not +Indexes
- Restart Apache for the changes to take effect.
Disable Apache directory listing using .htaccess
If you don't have administrator access to the system or just want to easily manage directory listing on per-directory basis, you can use the above Options -Indexes directive in htaccess files.
- Open or create htaccess file on the directory that you want to disable listing using your preferred text editor.
$ sudo vi /var/www/mysite/.htaccess
- Add -Indexes to Options directive in the htaccess file.
Options -Indexes
Guide compatibility:
| Operating System |
|---|
| Ubuntu 16.04 LTS (Xenial Xerus) |
| Ubuntu 16.10 (Yakkety Yak) |
| Ubuntu 17.04 (Zesty Zapus) |
| Ubuntu 17.10 (Artful Aardvark) |
| Ubuntu 18.04 LTS (Bionic Beaver) |
| Ubuntu 18.10 (Cosmic Cuttlefish) |
| Ubuntu 19.04 (Disco Dingo) |
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.
Comment anonymously. Login not required.
